Engineer Pentesting

Vertiv, a global organization with nearly 24,000 employees, designs, builds, and services critical infrastructure that enables vital applications for data centers, communication networks, and commercial and industrial facilities. We support today’s growing mobile and cloud computing markets with a portfolio of power, thermal, and infrastructure management solutions.

The Application and Product Security Engineer (Penetration Testing) is responsible for conducting security pen testing, monitoring, and auditing within a dynamic global organization. The products under test will range from embedded devices to cloud services, with some tests being white box and others black box engagements.

A successful engineer will evaluate the product to identify weaknesses in design and implementation, focusing on those vulnerabilities to find security gaps under the guidance of senior engineers and testing leads. The engineer should clearly document findings, analysis, and prepare detailed reports.

In addition to performing internal application and product security assessments, the Penetration Tester will support the following duties:

• Conduct security evaluations and threat assessments of embedded systems, mobile applications, and web applications.
• Research to find new vulnerabilities and enhance existing capabilities.
• Circumvent security protection methods and techniques.
• Perform data bus monitoring (snooping) and data injection.
• Conduct communications protocol analysis in embedded products and applications.
• Conduct wireless communications channel snooping and data injection.
• Learn to reverse engineer complex systems and protocols.
• Create detailed technical reports and proof of concept code to document findings.
• Perform system breakdown of the project/product before testing, identify testing requirements, and plan activities with the help of senior/test engineers.
• Provide proactive interaction with engineering teams regarding testing needs, progress, and detailed analysis reports.

• Bachelor’s Degree in Information Technology, Computer Science, or related field is highly desirable.
• Advanced security certifications such as OSCP, CEH, or equivalent.
• 5+ years of experience in information, application, or embedded product security and/or IT risk management.
• 2+ years of pentesting experience with personal interest or experience in CTFs, HacktheBox, etc.
• Solid understanding of security protocols, cryptography, authentication, and authorization.
• Good knowledge of current IT risks and security solutions.
• Ability to communicate effectively with various personnel to articulate and enforce security measures.
• Excellent written and verbal communication skills and business acumen.
• Strong ability to establish partnerships, influence change, and achieve results in a dynamic environment.
• Meaningful technical contributions to the development lifecycle of applications, products, or services.

• Experience in embedded systems/software and web applications development.
• Familiarity with compilers, debuggers, disassemblers, and analysis tools.
• Experience with binary analysis tools such as IDA Pro, WinDbg, BinWalk, etc.
• Understanding of cryptographic algorithms, protocols, and their vulnerabilities.
• Knowledge of network protocols and packet-level development.
• Experience with microcontroller programming and debugging interfaces.
• Exposure to Layer 2, Layer 3 networking, and QoS.
• Knowledge of malware/botnet exploits targeting embedded systems.
• Experience with operating systems like Windows, Linux, Android, and iOS.
• Understanding of the computer boot process and boot loaders.
• Additional practical skills such as static memory analysis, data element extraction, etc., are a plus.
• Experience with Gitlab for issue management is preferred.